How to configure SAML and get certificate alias, script certificate upload to truststore job.
Hi
I'm working on AEM 6.1 SP1. I'm dealing with 2 issues: first, I'm not able to get the SP Private Key Alias; second, I'm not able to script the steps of the SAML configuration. Description below.
I've uploaded the IdP certificate, and also my certificate and private key, to /etc/key/saml as binaries. But it turns out that when I go to the Adobe Granite SAML 2.0 Authentication Handler configuration, it requires 2x certificate alias from me.
It turns out that I have to upload it through the truststore at /libs/granite/security/content/useradmin.html to get an alias.
So I'm uploading the idp.pem and I receive an alias - that's OK, but as it is written in the SAML Handler configuration I need "SP Private Key Alias" - but none of the files that I generated, either SP-server.pem or SP-server.PKCS8.key, give me an alias. Only when I upload the SP-server.crt do I receive an alias. So at this moment I'm not sure if it's correct or not. Where do I get the "SP Private Key Alias"?
The second thing, which is even more important, is that I'm not able to do manual steps on the production environment, but I can deliver content packages or scripts to be run - and here is the problem: how do I configure the above steps using scripts? Or what part of the JCR do I have to pack to provide the truststore with certificates? Of course the Adobe Granite SAML 2.0 Authentication Handler configuration is not a problem to upload.
Below is how I generate the keys and certificates.
openssl genrsa -out SP-server.pem 1024  # generate private key
openssl req -new -key SP-server.pem -out SP-server.csr  # certificate signing request
openssl x509 -req -days 365 -in SP-server.csr -signkey SP-server.pem -out SP-server.crt  # generate signed certificate
openssl pkcs8 -topk8 -inform PEM -outform DER -in SP-server.pem -nocrypt > SP-server.PKCS8.key  # convert a PEM file to DER
So after running those commands I get
SP-server.pem
SP-server.csr
SP-server.crt
SP-server.PKCS8.key
And idp.pem which I get from IDP
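
An added example, not part of the original post: a script that repeats the four openssl steps above non-interactively and then checks that SP-server.pem, SP-server.PKCS8.key and SP-server.crt all carry the same public key before any of them is imported. The function names, the `-subj` value and the 2048-bit default (instead of the post's 1024) are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not code from the original post.
# Assumed (not in the post): function names, the -subj value, 2048-bit default.

# Run the post's four openssl steps in directory $1 with an RSA key of $2 bits.
gen_sp_material() {
  local d="$1" bits="${2:-2048}"
  mkdir -p "$d" &&
  openssl genrsa -out "$d/SP-server.pem" "$bits" 2>/dev/null &&
  openssl req -new -key "$d/SP-server.pem" -subj "/CN=sp.example.test" \
    -out "$d/SP-server.csr" &&
  openssl x509 -req -days 365 -in "$d/SP-server.csr" \
    -signkey "$d/SP-server.pem" -out "$d/SP-server.crt" 2>/dev/null &&
  openssl pkcs8 -topk8 -inform PEM -outform DER -in "$d/SP-server.pem" \
    -nocrypt -out "$d/SP-server.PKCS8.key"
}

# Return 0 only if the PEM key, the PKCS#8 DER key and the certificate carry
# the same public key and that key has at least $2 bits (default 2048).
# Return 1 = unreadable file, 2 = key/certificate mismatch, 3 = key too small.
check_sp_material() {
  local d="$1" min="${2:-2048}" pem der crt bits
  pem=$(openssl pkey -in "$d/SP-server.pem" -pubout 2>/dev/null) || return 1
  der=$(openssl pkey -in "$d/SP-server.PKCS8.key" -inform DER -pubout 2>/dev/null) || return 1
  crt=$(openssl x509 -in "$d/SP-server.crt" -noout -pubkey 2>/dev/null) || return 1
  if [ -z "$pem" ] || [ "$pem" != "$der" ] || [ "$pem" != "$crt" ]; then
    echo "public keys differ between key files and certificate" >&2
    return 2
  fi
  bits=$(openssl pkey -in "$d/SP-server.pem" -noout -text 2>/dev/null |
    sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1)
  if [ -z "$bits" ] || [ "$bits" -lt "$min" ]; then
    echo "RSA key is ${bits:-unknown} bits, below the $min-bit minimum" >&2
    return 3
  fi
  echo "OK: $bits-bit key matches certificate"
}
```

Run `gen_sp_material ./sp` followed by `check_sp_material ./sp`; a non-zero return from the check means the key files and certificate should not be deployed together.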